Stuxnet: Computer worm opens new era of warfare

(CBS News) The most pernicious computer virus ever known wasn't out to steal your money, identity, or passwords. So what was the intricate Stuxnet virus after? Its target appears to have been the centrifuges in a top secret Iranian nuclear facility. Stuxnet showed, for the first time, that a cyber attack could cause significant physical damage to a facility. Does this mean that future malware, modeled on Stuxnet, could target other critical infrastructure -- such as nuclear power plants or water systems? What kind of risk do we face in this country? Steve Kroft reports.

The following script is from "Stuxnet" which aired on March 4, 2012. Steve Kroft is the correspondent. Graham Messick, producer.

For the past few months now, the nation's top military, intelligence and law enforcement officials have been warning Congress and the country about a coming cyberattack against critical infrastructure in the United States that could affect everything from the heat in your home to the money in your bank account. The warnings have been raised before, but never with such urgency, because this new era of warfare has already begun.

The first attack, using a computer virus called Stuxnet was launched several years ago against an Iranian nuclear facility, almost certainly with some U.S. involvement. But the implications and the possible consequences are only now coming to light.

FBI Director Robert Mueller: I do believe that the cyberthreat will equal or surpass the threat from counterterrorism in the foreseeable future.

Defense Secretary Leon Panetta: There's a strong likelihood that the next Pearl Harbor that we confront could very well be a cyberattack.

House Intelligence Committee Chairman Mike Rogers: We will suffer a catastrophic cyberattack. The clock is ticking.

And there is reason for concern. For more than a decade, the U.S. military establishment has treated cyberspace as a domain of conflict, where it would need the capability to fend off attack, or launch its own. That time is here. Because someone sabotaged a top secret nuclear installation in Iran with nothing more than a long string of computer code.

Ret. Gen. Mike Hayden: We have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction, and in this case, physical destruction in someone else's critical infrastructure.

Few people know more about the dark military art of cyberwar than Retired General Michael Hayden. He's a former head of the National Security Agency and was CIA director under George W. Bush. He knows a lot more about the attack on Iran than he can say here.

Hayden: This was a good idea, alright? But I also admit this was a really big idea too. The rest of the world is looking at this and saying, "Clearly someone has legitimated this kind of activity as acceptable international conduct." The whole world is watching.

The story of what we know about the Stuxnet virus begins in June of 2010, when it was first detected and isolated by a tiny company in Belarus after one of its clients in Iran complained about a software glitch. Within a month, a copy of the computer bug was being analyzed within a tight knit community of computer security experts, and it immediately grabbed the attention of Liam O Murchu, an operations manager for Symantec, one of the largest antivirus companies in the world.

Liam O Murchu: As soon as we saw it, we knew it was something completely different. And red flags started to go up straightaway.